const Router = require('@koa/router');
const UserController = require('../controllers/userController');
const { auth } = require('../middleware/auth');
const { isAdmin, isSelfOrAdmin } = require('../middleware/checkRole');

const router = new Router({ prefix: '/api/users' });

// 公开路由
router.post('/register', UserController.create);
router.post('/login', UserController.login);

// 需要认证的路由
router.get('/', auth, UserController.getAll);
router.get('/:id', auth, UserController.getOne);

// 需要权限验证的路由
router.put('/:id', auth, isSelfOrAdmin, UserController.update);
router.delete('/:id', auth, isSelfOrAdmin, UserController.delete);

module.exports = router; 